In previous posts (here, here and here), we discussed the Executive Order of 12 May and the CSIS event on it. The guest was Anne Neuberger, Deputy National Security Advisor for Cyber and New Technologies. Both Section 3 of the Executive Order and Neuberger’s remarks emphasise Zero Trust Architecture (ZTA) as one of the security best practices to follow.
Although ZTA has long been a well-known security approach, it has never before become a topic of discussion with such intensity. You could say there is hype around it. With this in mind, let’s try to objectively assess the potential role of ZTA, with a special focus on (electricity) ICSs:
- The recent events in cyberspace undoubtedly raise the need to move beyond the current cyber defence paradigm – deeply compartmentalised, segmented, with strong perimeter defences designed to prevent the attacker from entering the ‘perimeter’. Given the ever more ‘creative’ penetration techniques of attackers (see e.g. SolarWinds/Orion), it must increasingly be assumed that any hardware or software element that has been, or will be, introduced into the ‘perimeter’ by any means is a potential risk, i.e. ‘no one’ can be trusted. This new approach represents a paradigm shift.
- For ICSs, maintaining a constantly balanced and high level of both ‘security’ and ‘safety’ capabilities is of particular importance, in the extreme case because human lives depend on it.
- A reduction in security caused by new types of attacks can lead to an unacceptable reduction in safety, and the desired level of safety can only be restored by restoring the level of security. Without underestimating the importance of IT systems, in OT systems it can literally be vital that individual system components – and hence the system as a whole – function reliably. ZTA can be a suitable method of ensuring all this.
- The 2017 attack on an oil refinery in Saudi Arabia is a stark reminder of the stakes. Malware was discovered in Schneider Electric’s Triconex SIS (Safety Instrumented System). According to the analysis, the attackers exploited a zero-day vulnerability to inject a RAT (Remote Access Trojan) into the SIS. This was the first known attack on a safety system.
Although the attacker in this case introduced the malware in a “traditional” way, by “spoofing” the border security, imagine what would happen if, for example, a supply chain vulnerability were exploited to install a backdoor into the SIS or one of its components, or to open a backdoor after a software update. ZTA can be a suitable tool to deal with this type of attack.
- As in many other industrial technologies, the guaranteed reliability of the signals and measurements received by the SCADA, and of the operator’s interventions in the monitored technology from there, is crucial in the power sector. This can only be ensured with reliable components and systems. And although there are views that ZTA has a more justifiable place in SCADAs, it would be surprising, given the description above, if ZTA were to ‘bypass’ the ‘security’ and, in turn, the ‘safety’ systems of ICSs.
Although the Executive Order does not mention IT and/or OT involvement for ZTA, it will be inevitable to consider OT specificities when implementing it.
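To make the paradigm shift above concrete, here is an added illustration (not code from the original post or from any vendor) of the difference between a perimeter-based access decision and a zero-trust decision for SCADA commands. Every host, subnet, identity, device attestation result and policy value in it is constructed for the example; the scenario of an engineering workstation inside the OT network that has lost its integrity corresponds to the SIS backdoor case discussed above.

```python
"""Perimeter-based vs. zero-trust authorisation for SCADA/ICS commands.

Added example, not part of the original post. All addresses, identities,
device names and policy tables below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed "inside the perimeter" OT address range.
OT_SUBNET = ip_network("10.20.0.0/16")


@dataclass(frozen=True)
class Request:
    src_ip: str                 # where the request arrived from
    principal: Optional[str]    # authenticated identity, None if unauthenticated
    device_id: str              # the workstation / HMI issuing the request
    device_attested: bool       # integrity check (e.g. signed firmware, measured boot) passed
    action: str                 # "read", "write_setpoint", "write_logic"
    target: str                 # e.g. "rtu-07" (process control) or "sis-01" (safety system)


def perimeter_allows(req: Request) -> bool:
    """Classic model: anything originating inside the OT subnet is trusted."""
    return ip_address(req.src_ip) in OT_SUBNET


# Constructed identity directory and least-privilege role table.
ROLE_OF: Dict[str, str] = {"op.alice": "operator", "eng.bob": "engineer"}
PERMISSIONS: Dict[str, set] = {
    "operator": {"read", "write_setpoint"},
    "engineer": {"read"},   # logic changes only through an approved change window
}
# Safety systems: any write needs an explicit out-of-band approval in addition.
PROTECTED_TARGETS = {"sis-01"}


def zero_trust_decision(req: Request, sis_change_approved: bool = False) -> Tuple[bool, List[str]]:
    """Zero-trust model: network location is irrelevant; every request is checked
    against identity, device integrity and the least privilege the role allows.
    Returns (allowed, list of denial reasons)."""
    reasons: List[str] = []
    if req.principal not in ROLE_OF:
        reasons.append("unauthenticated or unknown principal")
    if not req.device_attested:
        reasons.append(f"device {req.device_id} failed integrity attestation")
    role = ROLE_OF.get(req.principal)
    if role is not None and req.action not in PERMISSIONS[role]:
        reasons.append(f"action '{req.action}' not permitted for role '{role}'")
    if req.target in PROTECTED_TARGETS and req.action != "read" and not sis_change_approved:
        reasons.append(f"write to safety system {req.target} requires approved change")
    return (not reasons, reasons)


# Constructed sample requests.
SAMPLE_REQUESTS: Dict[str, Request] = {
    # Normal operator action from an attested HMI.
    "operator_setpoint": Request("10.20.1.15", "op.alice", "hmi-03", True, "write_setpoint", "rtu-07"),
    # Engineering workstation inside the OT subnet whose integrity check failed
    # (the backdoored-component scenario) trying to change safety logic.
    "backdoored_ews_sis_write": Request("10.20.5.40", "eng.bob", "ews-01", False, "write_logic", "sis-01"),
    # Legitimate read of the safety system by an engineer.
    "engineer_read": Request("10.20.5.41", "eng.bob", "ews-02", True, "read", "sis-01"),
    # Unknown, unauthenticated device that is nevertheless on the OT network.
    "unknown_device_write": Request("10.20.9.9", None, "laptop-x", False, "write_setpoint", "rtu-07"),
    # Authenticated, attested operator connecting from outside the OT subnet.
    "remote_operator_read": Request("203.0.113.7", "op.alice", "hmi-03", True, "read", "rtu-07"),
}


def evaluate_samples() -> Dict[str, Dict[str, bool]]:
    """Compare both models over the sample requests."""
    return {
        name: {"perimeter": perimeter_allows(r), "zero_trust": zero_trust_decision(r)[0]}
        for name, r in SAMPLE_REQUESTS.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:28s} perimeter={verdict['perimeter']!s:5s} zero_trust={verdict['zero_trust']}")
    print(zero_trust_decision(SAMPLE_REQUESTS["backdoored_ews_sis_write"])[1])
```

The point of the comparison is the second and fifth cases: the perimeter model lets the compromised workstation write to the safety system simply because it sits inside the OT subnet, while the zero-trust decision denies it on three independent grounds and, conversely, permits a properly authenticated and attested operator regardless of where the request comes from. Passing `sis_change_approved=True` still does not rescue the compromised workstation, because the attestation and role checks fail on their own.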
And why is it useful for us to address this issue?
Well, if ZTA spreads as a result of US developments and regulations, it will spread to the other markets of global companies as well. The domestic environment should also be prepared for this.
In electricity, the lifetime of ICSs is very long – up to 15 years – meaning that the impact of any change will only fully “pass through” the system after that time. The longer implementation is delayed, the longer it takes for its comprehensive protective effects to be felt.
Do you think ZTA will be introduced in our country and if so, when and where?
* Source: ICS cyber security blog
We welcome your comments, whether you agree or disagree with the above. We also welcome remarks or suggestions, e.g. in response to a new post, which could even lead to a substantive exchange of views.
Translated by DeepL